"Until today the latest Adobe 0-day vulnerability (CVE-2010-1297) had only been used in targeted attacks," according to Websense. "That changed a few hours ago when we started seeing mass injections adding the following URL to thousands of pages around the world: hxxp://26[REMOVED].in/y[REMOVED]o.js."

"The attack is closely related to the hxxp://ww.robint.us/[REMOVED].js attack earlier this week that our friends at Sucuri (Security) blogged about, where the common theme was that all Web sites were running on Microsoft IIS and used ASP.NET," Websense continued. "In fact, the majority of sites compromised by the new mass injection attack still have the robint.us code present."